Exploit

Description

An exploit is a piece of software (or in some cases hardware) that takes advantage of a hardware or software vulnerability in a system, to the advantage of the attacker. This can include conducting a denial of service attack, privilege escalation, unauthorized access to data and other resources, etc. (https://www.techopedia.com/definition/4275/exploit). There are always vulnerabilities in applications and hardware that can be exploited, and these are usually patched by the developers so that exploits cannot be used against their products (http://searchsecurity.techtarget.com/definition/exploit). Although exploits commonly come in the form of software tools, they can also be a type of data (often used in a buffer overflow), or commands that a system will execute but is not supposed to. In most cases the exploit itself is not malicious; it is the actions the attacker performs afterwards that are malicious, as exploits mainly give the attacker the advantage or opportunity they need to carry out their attack. Exploits can also involve exploiting people's ignorance of cyber security and threats, or taking legitimate applications and using them maliciously to help attackers carry out more advanced cyber attacks against individuals and organizations.

Consequences of Exploits

If a vulnerability is not patched, the result of it being exploited can be devastating. The impact depends on what happens when the vulnerability is exploited and how it is exploited. An exploited vulnerability can result in the following (http://www.pctools.com/security-news/what-does-exploit-mean/):

* Grant the attacker escalated privileges on the system, which can allow them to access and steal data, or install additional malware and compromise security mechanisms on the system.
* Launch a denial of service attack, which can bring down systems and result in lost operating time, ultimately causing huge financial losses to an organization.
* Run illicit commands that may download and install malware onto the system.
* Allow sophisticated malware to enter and spread through systems and commence cyber attacks on the infected system.

Notable Exploits

Below are some exploits that resulted in severe and damaging outcomes.

WannaCry Ransomware Attack

The WannaCry attack in May 2017 infected over 200,000 computers in over 150 countries in less than a week. It was able to spread so rapidly because it used EternalBlue to exploit Microsoft's SMBv1 protocol and propagate through networks. Once on a vulnerable computer, it would encrypt a wide range of file types and demand a ransom from the victim in Bitcoin to recover the files. The patch for the SMBv1 vulnerability had been released two months before the outbreak; WannaCry nonetheless caused nearly $5 billion in damages worldwide.

Heartbleed

The Heartbleed vulnerability was the result of OpenSSL's lack of data validation. The protocol would periodically send messages from the user's computer to the web server, and the web server would send a message back. The attacker could forge the payload size of the message, claiming it was larger than the message actually sent. The server did not validate the payload size and simply returned more data than it had received, reading data from various locations in memory and sending it to the attacker until it had sent back as many bytes as the claimed payload size. Attackers could obtain user credentials, web sessions, financial information and other sensitive information. Windows updates, Windows Defender, Windows Error Reporting and various other services would be disabled, some user accounts would be locked out and antivirus websites would be unreachable.
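To show the missing validation described above, the following is an added, simplified example (not OpenSSL's own code): a heartbeat handler whose copy length is bounded by the bytes actually received rather than by the peer's claimed payload length. The message layout (type byte, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520; the function names and the sample records are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* minimum padding required by RFC 6520 */

/* Build a heartbeat response for the request record rec[0..rec_len).
 * Returns the number of bytes written to out, or -1 if the request is
 * malformed. The bounds check is the one the vulnerable code lacked:
 * the copy length is capped by the bytes actually received, not by the
 * peer's claimed payload length. (Illustrative code, not OpenSSL's.) */
int heartbeat_reply(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_cap)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* peer-controlled */

    /* Hardened check: header + claimed payload + minimum padding must fit
     * inside the record that really arrived. Without it, the memcpy below
     * would read past the record into adjacent process memory. */
    if (1 + 2 + claimed + HB_PADDING > rec_len)
        return -1;
    if (3 + claimed + HB_PADDING > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);          /* copies only received bytes */
    memset(out + 3 + claimed, 0, HB_PADDING);   /* padding (zeroed for simplicity) */
    return (int)(3 + claimed + HB_PADDING);
}

/* Constructed sample: a 5-byte payload "hello" plus 16 bytes of padding. */
int demo_honest_request(void)
{
    uint8_t rec[3 + 5 + 16] = { HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    uint8_t out[64];
    return heartbeat_reply(rec, sizeof rec, out, sizeof out);   /* 24 */
}

/* Constructed sample: the same 24-byte record, but claiming 65535 bytes. */
int demo_oversized_claim(void)
{
    uint8_t rec[3 + 5 + 16] = { HB_REQUEST, 0xFF, 0xFF, 'h', 'e', 'l', 'l', 'o' };
    uint8_t out[64];
    return heartbeat_reply(rec, sizeof rec, out, sizeof out);   /* -1 */
}
```

The honest request is echoed in full, while the record that claims far more payload than it carries is rejected instead of being answered with whatever happened to sit next to it in memory.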
NotPetya

NotPetya was malware initially thought to be ransomware but was in fact a wiper designed to delete the master boot record (MBR) of a computer, rendering it inoperable and virtually unrecoverable. NotPetya propagated in a similar manner to WannaCry but used three methods of spreading and infecting, two of which were exploits. The first method was to exploit the SMBv1 vulnerability, which some computers still had even after the WannaCry outbreak. If that vulnerability could not be exploited, it used PsExec, a legitimate Microsoft tool whose functionality is abused by attackers to help them move through networks. This tool was embedded in NotPetya and used to help it spread when the SMBv1 vulnerability on a system had been patched. The total cost of damage caused by NotPetya was estimated at around $300 million, but some believe the estimates could be as high as $1.2 billion.

Conficker

Conficker was one of the most notorious computer worms in recent history, first appearing in 2008. It exploited a flaw in Microsoft's Server service which allowed it to trigger a buffer overflow and run shellcode on the infected computer. Once infected, it was common for the Svchost.exe process, which was needed to share files and other resources on a network, to crash. The patch to fix the vulnerability was released before the Conficker outbreak, and, as with WannaCry, many systems remained unpatched and were infected. The estimated cost of damages caused by Conficker was $9.1 billion.

Gmail and Facebook Access

This was not a widely known exploit, and it was not a vulnerability attributed to Gmail or Facebook. It was a rare case of exploiting the human element. Back in 2008, an attacker could gain access to another person's Facebook and Gmail accounts and lock the legitimate account holder out. The attacker would first enter the victim's Gmail address into Gmail and enter anything as the password.
After being prompted that the credentials were incorrect, the attacker would select the "Forgot password" link. Often Gmail users relied purely on a security question for this process, and many users had basic questions that the attacker could answer by either knowing the victim or doing a bit of reconnaissance. After entering the correct answer, the attacker would be granted access and prompted to change the password before proceeding. Then the attacker would enter the victim's Gmail address as the username on Facebook (as the email address is usually the username), enter anything as the password and be prompted that the credentials were incorrect. The attacker would click the "Forgot password" link, and Facebook would ask if the user wished to reset their password. The attacker would agree, and a reset password would be generated and emailed to the account holder. Since the attacker had gained access to the Gmail account, they could receive the password and use it to log in to the victim's Facebook page. This is a good example of how a lazy attitude towards security measures can be used against an individual. Yahoo at the time had anticipated this human error and required users to have two security questions in place. It was found that the first questions were basic and easy to guess, but the second question was more personal to the user and much harder to guess. Fortunately, with drastic improvements in both Facebook's and Gmail's security procedures, this type of exploit can no longer be performed.

Category:Glossary
Category:Exploits